felo-superAgent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches user-created brand styles via run_style_library.mjs (calls GET /v2/brand/style-library/list as documented in Step 4.5 of SKILL.md) and requires the agent to present, parse, and pass those verbatim style blocks as --ext brand_style_requirement to SuperAgent (and also can ingest public tweets via the search_x tool), meaning untrusted, user-generated content is read and can directly change agent/tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's run_style_library.mjs script performs a runtime GET to the style library endpoint (e.g. https://openapi.felo.ai/v2/brand/style-library/list?category=TWITTER) and the returned "Style DNA" blocks are serialized verbatim into the --ext '{"brand_style_requirement":...}' parameter passed to run_superagent.mjs, meaning remote content fetched from that URL directly controls the agent's prompts/instructions and the skill requires this fetch for skill-based new conversations.